Bug 87130 (CVE-2005-2023) - VUL-0: CVE-2005-2023: S/Mime signing broken?
Summary: VUL-0: CVE-2005-2023: S/Mime signing broken?
Status: RESOLVED FIXED
Alias: CVE-2005-2023
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: All All
: P5 - None : Major
Target Milestone: ---
Assignee: Thomas Biege
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2005-2023: CVSS v2 Base Score: 10...
Keywords:
Depends on:
Blocks:
 
Reported: 2005-06-04 16:48 UTC by Forgotten User jq9zgB7cRO
Modified: 2021-11-04 16:12 UTC (History)
2 users (show)

See Also:
Found By: Customer
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
patchinfo-box.gpg2 (273 bytes, application/octet-stream)
2005-06-09 08:21 UTC, Thomas Biege 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Forgotten User jq9zgB7cRO 2005-06-04 16:48:21 UTC 
S/Mime signing broken on 9.3 
From: 
G Davies <gdavies@anothercrap.com> 
Date: 
Saturday 04 Jun 2005 13:43:39 
Groups: 
novell.support.suse.linux.professional 
no references 
 
This is more of a heads up than a question, after spending most of a day 
trying to get S/Mime signing to work on Suse 9.3 I came across a thread 
(http://lists.gnupg.org/pipermail/gpa-dev/2005-June/002291.html) on the 
gpa-dev mailing list that appears to have pinpointed the problem. 
 
Basically, the gpg2 version Novell/Suse used (1.9.14) had a silly bug in 
it 
that broke things, unfortunately there's no updated package (mainline or 
supplementary) that I know of so you will need to install gpg2 from 
source 
(oh what fun, all those broken dependencies), roll your own RPM, or wait 
for someone else to produce an RPM (PackMan maybe?). 
 
Hope this is useful to someone, I wasted a lot of time before finding 
this. 
 
Gayle
Comment 1 Thomas Biege 2005-06-06 07:36:31 UTC 
reassigned to maintainer.
Comment 2 Klaus Singvogel 2005-06-06 12:17:13 UTC 
That's gpg2! Wrong maintainer chosen, reassigning bug.
Comment 3 Petr Ostadal 2005-06-08 13:08:34 UTC 
fix:

diff -urpP gnupg-1.9.14/common/asshelp.c gnupg-1.9.15/common/asshelp.c
--- gnupg-1.9.14/common/asshelp.c       2004-12-18 09:35:31.000000000 +0000
+++ gnupg-1.9.15/common/asshelp.c       2005-01-03 11:23:48.000000000 +0000
@@ -150,7 +150,7 @@ send_pinentry_environment (assuan_contex
 #endif
   if (opt_lc_messages || (dft_ttyname && dft_lc))
     {
-      err = send_one_option (ctx, errsource, "display",
+      err = send_one_option (ctx, errsource, "lc-messages",
                              opt_lc_messages ? opt_lc_messages : dft_lc);
     }
 #if defined(HAVE_SETLOCALE) && defined(LC_MESSAGES)
Comment 4 Petr Ostadal 2005-06-08 13:18:00 UTC 
Can I make YOU for package gpg2 in SL9.3?
Comment 5 Thomas Biege 2005-06-09 08:18:06 UTC 
SM-Tracker-1499
Comment 6 Thomas Biege 2005-06-09 08:21:25 UTC 
Created attachment 38862 [details]
patchinfo-box.gpg2
Comment 7 Anja Stock 2005-06-09 10:53:23 UTC 
Assigning to postadal@suse.de
Comment 8 Petr Ostadal 2005-06-10 11:43:21 UTC 
fixed and submited with patchinfo.
Comment 9 Marcus Meissner 2005-06-15 08:37:18 UTC 
updated packages for 9.3 approved.
Comment 10 Marcus Meissner 2005-07-08 08:02:03 UTC 
CAN-2005-2023
Comment 11 Thomas Biege 2009-10-13 21:26:20 UTC 
CVE-2005-2023: CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)